On Saturday, March 01, 2014 04:18:11 AM Anthony Messina wrote: > I've been waiting patiently for F20 to "settle" before upgrading my two VM > installations of FreeIPA: > > ipa1 (original master) > ipa2 (clone) > > I'm considering doing a "yum upgrade" this weekend and was wondering if any > users had found any "gotchas"? One that I can think of is the addition of > the following in F20's default /etc/krb5.conf: > > [libdefaults] > ... > default_ccache_name = KEYRING:persistent:%{uid} > ... > > I've seen on some of my freshly installed F20 FreeIPA clients that this > option is no longer present after ipa-client-install. On those clients, > I've manually added it post client install and things seem to work OK with > the exception of SELinux errors reported here: > > https://bugzilla.redhat.com/show_bug.cgi?id=1001703 > > Should I place this option in /etc/krb5.conf on the masters before/after > the yum upgrade (or at all)? > > Should I run "ipactl stop" prior to running the yum upgrade? > > Of note, I'm considering the "yum upgrade" option rather than creating F20 > replicas of F19 masters due to: > > https://fedorahosted.org/pki/ticket/816 > https://fedorahosted.org/389/ticket/47721 > > Any guidance is appreciated. Thanks, and have a good weekend. > > -A
I can report to the list that I've upgraded my ipa1 and ipa2 machines from F19 to F20 via "yum upgrade" in SELinux permissive mode and things went swimmingly. As far as my concerns above, I added the following to /etc/krb5.conf after the upgrade, but before the reboot: default_ccache_name = KEYRING:persistent:%{uid} And I did not issue "ipactl stop" prior to the upgrade. The only post-upgrade issue I am seeing is invalid characters passed to dirsrv queries when using FreeIPA web interface: https://fedorahosted.org/freeipa/ticket/4214 Thanks again to the FreeIPA team! -A -- Anthony - http://messinet.com - http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users